\section{Abstract}
\label{sec:abstract}

Name resolution attacks remain as one of the most popular security threats.  The difficulties in resolving names result in part from timing issues, but also the complexities of resolving a path.  We present a method for extending the metadata associated with a file to include both a canonical path and an update history.  These attributes are cryptographically protected and address TOCTTOU attacks and path resolution by allowing file history and path to be verified with the file already locked.  Our methods can also be used to extend the threat model of SELinux trust labels to include intrusion by a privileged process.